On Wed, Mar 24, 2004 at 12:51:00PM -0800, Dan Quinlan wrote: > I think mass-check shouldn't be de-encapsulating email that wasn't > encapsulated locally. A regular expression based on the checking host > name seems like the way to go, something that can be stored in a > configuration file.
Well, I thought about that. But 1) I don't want to have even more configuration necessary for mass-check, and 2) is the overhead of the extra checks worth it for the total infrequency of this issue? I mean really ... No spammer is going to knowingly send out mails like this. 1) With an X-Spam-Status: Yes header on incoming mails, it's obviously spam so don't bother dealing with it and just trash it. 2) if there isn't a X-Spam-Status: Yes, but it's encapsulated, the message will basically be unreadable to the recipient. If I read the messages correctly, the only reason this mail is like this in the first place is because someone's MTA was incorrectly configured to markup outgoing mail. So fine, drop already marked up mails at the MTA/out of the corpus, and be done with it -- SA has already found the message to be spam, so our job is done. > Obviously, de-encapsulation should never be done in a normal check. Yeah. The only thing we do for checks is drop the X-Spam-* headers (they're left in the output message). Arguably we don't even need to do that. Could make a rule that looks for X-Spam headers that way. -- Randomly Generated Tagline: "Perl is your friend. Use Perl." - Randal Schwartz
pgpa9u8zW14xS.pgp
Description: PGP signature
